go: update to 1.25.8 and 1.26.1 (security)
These releases include 5 security fixes following the security policy:
- crypto/x509: incorrect enforcement of email constraints
When verifying a certificate chain which contains a certificate
containing multiple email address constraints (composed of the full
email address) which share common local portions (the portion of the
address before the '@' character) but different domain portions (the
portion of the address after the '@' character), these constraints
will not be properly applied, and only the last constraint will be
considered.
This can allow certificates in the chain containing email addresses
which are either not permitted or excluded by the relevant
constraints to be returned by calls to Certificate.Verify. Since the
name constraint checks happen after chain building is complete, this
only applies to certificate chains which chain to trusted roots
[81 lines not shown]
py-typer: added version 0.24.1
Typer is a library for building CLI applications that users will
love using and developers will love creating. Based on Python type
hints.
It's also a command line tool to run scripts, automatically converting
them to CLI applications.
py-icalendar: updated to 7.0.3
7.0.3
Minor changes
Show colorful required code changes in the CI output to help contributors solve the formatting issues. :pr:`1216`
Use ruff 0.15.0 for code formatting in :file:`tox.ini`. :pr:`1215`
New features
Added :attr:`Event.RECURRENCE_ID <icalendar.cal.event.Event.RECURRENCE_ID>`, :attr:`Todo.RECURRENCE_ID <icalendar.cal.todo.Todo.RECURRENCE_ID>` and :attr:`Journal.RECURRENCE_ID <icalendar.cal.journal.Journal.RECURRENCE_ID>` properties, including support in their new() constructors. :issue:`1231`
Bug fixes
Fixed :func:`~icalendar.timezone.tzid.tzids_from_tzinfo` not recognizing dateutil.tz.win.tzwin objects on Windows. UTC datetimes using dateutil.tz.gettz("UTC") now correctly serialize with the Z suffix instead of TZID=Coordinated Universal Time. :issue:`1056`
Fixed :meth:`Calendar.get_missing_tzids <icalendar.cal.calendar.Calendar.get_missing_tzids>` raising KeyError when a VTIMEZONE exists for a timezone not referenced by any event TZID, for example, when added by the x-wr-timezone conversion. :issue:`1124`
Fixed :meth:`Calendar.get_missing_tzids <icalendar.cal.calendar.Calendar.get_missing_tzids>` and :meth:`Calendar.add_missing_timezones <icalendar.cal.calendar.Calendar.add_missing_timezones>` generating a spurious VTIMEZONE for UTC. RFC 5545 requires UTC datetimes to use the Z suffix; no VTIMEZONE component is needed or permitted. :issue:`1124`
Fixed :meth:`Parameters.update_tzid_from <icalendar.parser.parameter.Parameters.update_tzid_from>` incorrectly setting TZID=UTC on UTC datetimes. RFC 5545 requires UTC datetimes to use the Z suffix without a TZID parameter. :issue:`1124`
[6 lines not shown]
py-tinyhtml5: updated to 2.1.0
2.1.0
Dependencies
Support Python 3.14.
Drop support of Python 3.9.
Features
Allow useless parameters for all HTML input streams.
rust193: add un-finished bits to support NetBSD/m68k.
The current major hurdle is that LLVM appears to use 16-bit
relocations "all over the place", and that doesn't work for big
programs. I think this is the same problem as reported in
https://github.com/llvm/llvm-project/issues/181481
so eagerly awaiting the resolution of that issue.
py-python-discovery: added version 1.1.0
You may have multiple Python versions installed on your machine -- system
Python, versions from pyenv, mise, asdf, uv, or the Windows registry (PEP 514).
python-discovery finds the right one for you.
Give it a requirement like python3.12 or >=3.11,<3.13, and it searches all
known locations, verifies each candidate, and returns detailed metadata about
the match. Results are cached to disk so repeated lookups are fast.
textproc/treemd: update to 0.5.9
[0.5.9] - 2026-03-04
Added
- Dynamic help text - Help popup now displays actual configured keybindings instead of hardcoded key strings (#47)
- User-customized keybindings are reflected in the help menu at render time
- Structured HelpLine enum replaces raw string-based help entries
- Noop action for keybinding customization - Users can unbind keys by mapping them to Noop in their config (#46)
- Noop entries are automatically filtered from the help popup
- Regression tests for keybinding system - Added tests for user config override, Noop unbinding, clone preservation, and help entry filtering
Fixed
- Keybinding config merging - User-defined keybindings now correctly override defaults (#46)
- Previously, defaults were inserted first in the dispatch Vec and matched before user overrides
- New approach replaces matching default bindings in-place, preserving user precedence
[13 lines not shown]
audio/spotify-qt: update to 4.0.3
Fixes
Fixed a common crash while starting the application (#311).
Fixed playlists not loading correctly in some cases (#313).
Fixed milliseconds in lyrics not being parsed correctly.
Fixed podcasts not loading correctly in some cases.
Fixed not loading artist albums in some cases.
Fixed not being able to follow/unfollow artists in some cases.
Changes
Added Wayland support for AppImage builds (#249).
Now hides followers and popularity from artist if unavailable.
Now hides genres description from artist if unavailable.
Now hides popular tracks from artists if unavailable.
Now hides album groups from artists if unavailable.
Removed deprecated "New releases" from library.
[4 lines not shown]
shells/oh-my-posh: update to 29.7.1
Bug Fixes
cache: always store mod time (9635e25), closes #7340
winget: parse regardless of localization (244612a)
Performance Improvements
avoid splitting strings too far (619c457)
segments/git: remove unnecessary stash count string splitting (fcaab74)
segments/jujutsu: do not split throughout to get first status line (4c67ca7)